Cybersecurity Expert Answers Hacking History Questions | Tech Support | WIRED


Hopefully, we'll stay out of jail on this. Ladies and gentlemen, start your lawyers. I'm Jeff Crume. I'm a cybersecurity architect and adjunct professor at NC State University. Let's answer some questions from the internet. This is History of Hacking Support. [Music]

Atmatscary 34 asks, "Who do you think is the most influential hacker in cyber history?" Some of the really great hackers are ones you've never heard of because they, in fact, were so good they didn't get caught. Certainly one of the big names, he was certainly the most influential and infamous back in the day, is Kevin Mitnick. Kevin Mitnick was particularly known for his social engineering, where he would basically try to con people, rely on their desire to trust each other, and get information out of people by pretending to be someone else. He served 5 years in prison. He was arrested for abusing the phone system. Back in those days, you had to pay for long-distance calls. He was able to break into the phone system and make calls for free.

At Raymond Goch one asks, "Where does the term hack come from?" The term really traces its evolution from the '60s, where at MIT there was a model train club, and they used the term hack or hacker to refer to someone who was able to use the technology in an unconventional way, in a creative way. Then about the '70s, '80s, it kind of took a change, and most people began to associate hacking with unauthorized access. In the security community, we actually refer to at least three different types. And we refer to them by their hat color, believe it or not. No, they're not actually wearing hats necessarily, but we refer to black hats as the ones who are breaking into systems in order to do damage, in order to steal things, operating without permission. The white hat hackers, those are more like that original terminology that we referred to with the group from MIT who were basically hobbyists trying to find out where the limits of the technology were, this sort of thing. They report those vulnerabilities, and they're trying to do something for the overall good. Now, you've got something in between, a grey hat hacker, where they claim to be doing some good, but maybe they don't. They cross a few lines here and there.

James K. Poke asks, "How did computer hackers do their hacking back in the '60s and '70s?" It was all about physical access, because computers... there was no internet. All the computers that existed were pretty much in very known places. A company had a data center. It was on a raised floor. It had to be cooled with air conditioning. The entry and access to those systems was controlled via badge reader. There were cameras. So, basically, security was guards, guns, and gates back in those days. If you didn't have access physically to the system, you couldn't do much damage. Then it started moving to where attackers were starting to use the phone system. Hackers that were hacking on the phone system were known as phreakers, phone hackers. They would do different things to try to figure out how they could get into the phone system and control it remotely, maybe from a pay phone. There were not a lot of computer systems for them to break into yet. And then we start moving into the '70s now. We didn't really have an internet that everyone had access to, but more and more systems were being made available over the public phone network. So they had modems, and you could call into a system and then get access. If you knew the password, you could log in and then maybe take control of the system that way. So that's what happened really more in the '70s. In the '80s, especially as we move into the '90s, then we had the internet, and that's when really hacking changed very dramatically, because everyone had access to everyone everywhere in the world. It was a great thing for pretty much everyone, including the attackers.

At Charlie's Curious asks, "Have hackers ever taken down a government website?" One of the first that I remember was back in about 1996, when the Central Intelligence Agency had their main website hacked, and at least for a short period of time it said, "Welcome to the Central Stupidity Agency." Not a lot of damage done there, more just reputational damage. It was basically electronic graffiti. So what could people do to prevent their websites, for instance, from being hacked? One of the first things is make sure that you change all of the default user IDs and passwords. We call that hardening. That's one form of hardening. Another is turn off all the unnecessary services. Every single thing that's turned on on a system is potentially another way a bad guy can use to get into your system. Also, keep your software up to date, because all the time vendors are fixing bugs in their software, and many of those bugs are security bugs, and the bad guys will know about what those bugs are and they'll take advantage of them. Needs to be, at minimum, multifactor authentication. Don't rely on voice recognition. By the way, we have deepfake technology from AI that potentially could fake that stuff out.

Weeds asks, "Question for cybersecurity mavens. Since Signal is open source, doesn't that mean that some intelligent adversary could determine its encryption algorithm and come up with a way to decrypt Signal communications?" Well, yes, in general. But first of all, don't add people to your group chat if you don't know who they are. There's a notion in cryptography that's known as Kerckhoffs's principle, and it says that nothing should be secret about a cryptosystem except the keys. In other words, knowing how an algorithm works should not give you any insight into how to break it. A good crypto algorithm will stand the test of time. Everyone can know how it works, and yet they still can't break it. The only way to break an encrypted message is to guess what the key is. That's been the case. So if the keys are the secret to the system, then one thing you want to be able to do is generate those keys and keep them secret. You want a random key, and then you want to store it somewhere safe. The more randomness you can get, the better your key will be, and then you don't have to remember that. You'll use some other form of multifactor authentication or things like that in order to get access to the key. But the key itself will be saved on your system. And if it's really sensitive, you'll store it in a special place in hardware where, if someone tries to access that without permission, it'll actually blank the key and just wipe it out completely. Then that crypto device becomes effectively just a paperweight at that point.

Deadbird Rugby says, "I've seen some older generation folks on LinkedIn as cybersecurity analysts in the '90s." Yeah, he's probably talking about me. From what I remember, the internet was like the Wild West in the '90s. A lot of focus was just on putting up a firewall, putting up some sort of technology that gave us an initial block, an initial front door to separate our internal network from the external Wild West. But firewalls weren't nearly enough. They weren't enough then, and they're not enough now. But that was what a lot of the view was. And we talk about the Wild West. Well, there was a Wild West then on the internet, because everything was kind of unknown and unmonitored. We still have that today to a great extent.

But then there's another layer deep below the surface that most people never see. Where you exist for the most part, if you're typical of most people, is you're on the surface web. That's maybe 5% of the content that's on the World Wide Web. And it's stuff that you can get to from your favorite search engine. It's been indexed, in other words. So you can go to the search engine and find it. The other 95%, kind of think of an iceberg. This is the stuff below the surface. You know, the iceberg is deeper below the water level. So think about the iceberg. The other 95% that's below, that's the deep web. It's not necessarily nefarious stuff. It's just not stuff that everyone needs to get to. It's business records. It's things like that. Only authorized users would be able to go in and authenticate and be able to see that stuff. But there's a subset that's in an area we call the dark web. And it's dark because it's not indexed. You have to know where it is. So, you're not likely to just stumble into it. In fact, you've got to use special tools to get there. And for what it's worth, I don't recommend that you go there, because it's a rough neighborhood. Your system could be taken over, could be hacked, could have malware on it after you visited some of these illicit sites. Now, is everything on the dark web terrible? No. Some group of the people that are on the dark web are people who are whistleblowers, people who are political dissidents, people who live in areas of the world where they can't speak freely, and maybe it's even journalists who need to be able to get a message out and be able to do it with anonymity. But with anonymity comes also the possibility of illegal and illicit activities. It's dark because the lights are off. It's not dark because of what the content is there, but certainly some of the content is of a dark nature.

A user on Reddit asked, "What was the Stuxnet virus, and why was it so successful?" Well, Stuxnet was some malware. I'll just use that general term to refer to it. Designed specifically to target nuclear centrifuges in Iran. It was unleashed on those systems. Those systems didn't have general internet access. So the idea was that it would be brought into the system physically, implanted on those systems, and then it would cause these centrifuges to speed up and slow down and speed up and slow down, which caused them to not be functional. The idea, of course, was to disrupt Iran's ability to enrich uranium. So who was looking out for doing that? Well, there's a lot of attribution, and it's one of those situations. One of my favorite quotes is, those who know aren't talking, and those who don't, well, you can't shut them up. I'm going to keep talking. So now you know which one of those categories I'm in. I don't have any firsthand information, but it's been widely attributed in the public space that the US and Israel were involved in this particular attack as a way to try to subvert Iran's nuclear ambitions. It was pretty successful for a good period of time until it turns out that the virus spread to some other systems. Those other systems then were discovered with an antivirus tool. Then from there, the whole game started to unravel.

At Mach 5 turtle says, "Yay, my data has been compromised due to the OPM data breach." Not sure that's a reason for celebration. "My fingerprints and everything. Where will it all turn up next? How exciting." That's a case where data is turned over to someone else, and you have to trust that they're going to do the right thing. And maybe they do the right thing 99% of the time, but it's that other 1% where they didn't, and then that's where an attack occurs. So, what can you do about this? Well, first of all, don't give your data to places where you don't have to. And most people give their data up very freely for very little in exchange. So, make sure that you're understanding the bargain. Understand that your data is worth something to those companies. That's why they want to keep it. And make sure that what you're getting back in exchange for it is really a fair bargain. Also, you can do some things like credit monitoring, like credit freeze, credit lock, things like that. So that way, if someone tries to open a line of credit in your name, tries to get a credit card, tries to get a home loan, whatever like that, they try to do that in your name using information that they got from one of these data breaches. Well, they won't be able to. That's something that you can do at least in the US, and there are probably similar things you can do in other countries as well.

ATC magazine asks, "A question for cybersecurity pros. Would you ban TikTok from your organization over security and privacy concerns raised about its ownership being based in China?" First of all, my general approach to bans is I don't think they work. Not in the way that people hope that they will. When you ban something, you drive its behavior below ground. And once you drive it underground, then it's hard to monitor. Now, am I concerned about ownership? I'm concerned about ownership of all of these, because just because a company is in China, or even if they're in the US, doesn't necessarily make me think that there's going to be no violations of privacy or no manipulation of information. We've already seen that every country on earth is really good and has people who will find ways to be good at manipulating people through misinformation and fake news. And we know that privacy violations occur everywhere. And we also know that privacy violations can occur even unintentionally. So there are concerns, certainly, if a government is able to say, we are going to make you turn over those records to us, and now there's not independence from that service and the government, and that's a big concern, but that happens in a lot of cases.

I heard Daikaiu asks, "What are some ways elections are vulnerable from a security standpoint, and what can be done to shore up these platforms?" In almost every case, I will choose the more high-tech alternative to the lower-tech alternative, except when it comes to voting. In that case, the reason I like paper ballots is because with a paper ballot, if the counting machine messes up, well, we just go back and take the paper ballots and run them through another one. If we have only electronic votes to begin with, we can't go run them all back through. We can't line up all the people that voted on that day and say, "Please go back, get in line again, and vote exactly the way you did before." Doesn't work like that. We could have a power outage at a voting station. Well, again, that doesn't affect paper ballots. It might affect the counting, and if we want to use machines to do counting of those, I think that's not so unreasonable, but there are a lot of things that technology helps us with. This is one where a lower-tech solution is probably better.

Chronoport asks, "Why did the ILOVEYOU virus overwrite other files?" If you're a virus, you're trying to spread yourself as much as you can. The more types of files that you can overwrite, the more things you can infect and the more other systems you can infect, and the harder it is to get the system disinfected. If you're the designer of a virus, you want it to spread as virally as possible. So, infect as much stuff as you possibly can.

At Allah asks, "Who stopped WannaCry?" WannaCry was one of the most famous examples of malware. Did a lot of damage. The guy that's given credit for stopping it is named Marcus Hutchins. He did it in May of 2017. He was doing some analysis of the malware and found that it actually made a call out to a particular website, to a particular domain name. It was really long and complex and gorpy looking. Nothing that you would ever guess unless you were just decompiling the code. And he realized that as long as it didn't find the presence of that, it would continue to spread. So what he did then was go register that domain name so that then, whenever the malware went out to go ping that site to see if it exists, it would in fact exist, and therefore the malware would stop replicating. So he basically found what was a kill switch that was built into the code, but that didn't necessarily stop and eradicate. The malware was still on a lot of people's systems and may still be out there in some cases, but at least it was a way to turn a kill switch and make it stop so that it didn't hurt other people for at least a good period of time.

At the boss almighty asks, "How exactly can hackers shut down a pipeline?" I'm assuming this is a reference to the Colonial Pipeline ransomware case that was very infamous, because in fact there was a pipeline that transported oil across the southeastern portions of the US. Well, it turns out that the attacker, the actual malware, the ransomware, did not actually shut down the pipeline. The operators of Colonial Pipeline decided they needed to shut it down in order to prevent further damage, because they weren't quite really sure what was going on. They knew that they had experienced a ransomware case. They were being demanded a $5 million ransom in order to restore the systems. And they, in an abundance of caution, just felt like it was better to shut things down until they could figure out what happened. They eventually did turn things back on, and of course we got back operational. Interesting sideline with that story is they actually paid the $5 million ransom, but here was the unhappy part of that ending. The attackers gave them a tool that would decrypt the data that had been encrypted. So they paid the ransom, they got the tool, but the tool was so inefficient and so slow that it would never have recovered the data in time to do anyone any good. So they ended up having to rely on their own backups, incomplete as they might have been. And so they paid the $5 million ransom, didn't get their data, and it was kind of a worst-of-both-worlds situation. However, in the end, there was one more twist, and that was that the FBI actually recovered half of that ransom. Don't expect that to happen in your case.

At Noble Infantry asks, "What is a firewall, and how does it work?" Well, a firewall was a building mechanism that was fire-retardant materials that would at least slow the spread of fire from one unit to the next. Now, when you apply that concept into network security, it's a place, a zone of separation, where we're going to keep one level of trusted network away from another. Maybe an untrusted internet, we'll keep that separate from a trusted internal network. And the firewall will basically be the gatekeeper. So, we'll have a security policy in it, and it will look for certain types of traffic and say that kind of stuff can come in. This other kind of stuff we're going to block, because we don't use that kind of traffic. We don't need traffic coming from that area of the internet, or we don't need users of that sort, they're not part of our organization. So we put a gating factor, basically a guard, between areas of networks where we have different zones of trust.

AI pitch side asks, "I'm curious to know how people balance online security with the need for convenience. Do VPNs really offer the anonymity we think they do?" The original purpose of VPNs was really just as a way to transport sensitive information over a public network. So if I wanted to send a secret message to you that only you could see, and that someone else who saw the traffic going across the internet would not be able to read, I would encrypt the message and then send it to you. So that way we have an encrypted connection between the two of us. Now, the VPNs that most people use today not only can do that, but they also will hide the IP address that you're coming from. And that's where you start to get some of these anonymity features. The idea is that your ISP, whoever it is that's providing your internet connection and getting you as the on-ramp onto the highway that is the internet, they know what your IP address is. And they can see everything that comes and goes into your home network or into your computer itself, unless you use a VPN, which then all they can do is see where the packets are coming from and where they're going, but they can't see the contents of it. So, that gives you a certain level of anonymity. However, if you use a VPN, then what it will do is also hide where your originating IP address is, because what will happen is, no matter where you want to send a packet, if you've got the VPN turned on, it's going to go to the VPN access point first. Then from there, it will get routed to where it's supposed to go. So the ISP then at that point only sees, here you are sending all your traffic to this one VPN entry point, this VPN access point, and then stuff comes back from there. They won't be able to see the contents. They won't be able to see where it goes after that point. Now, that gives you some anonymity and some privacy. However, don't be fooled. What you've done is shifted your trust from your ISP, which maybe wasn't so trustworthy in terms of guarding your privacy, to the VPN provider, because the VPN provider now gets to see where all your traffic is going. And you don't really have a way to verify the way they're operating. So, some VPNs will be very rock solid and will preserve your privacy. Others will not. So just by using a VPN, you may just be making it easier by concentrating all your data to one place. And if that place gets attacked, or if that place is a bad actor, then you've given them all your information. So be careful. A VPN is not a panacea. It can help.

At hot geologist 6330 asks, "Why are phishing emails and telephone scams still profitable despite increased awareness?" Simple answer is people. Have you ever met them? Well, they can be exploited. We have this tendency as humans to trust other people. Even if you're very jaded, you see someone walking toward a building, their arms are full of stuff, and it's raining, and you're at the door. So maybe you hold the door open for them. But if that person was planning to do that as a way to get into the building, well, then they basically just socially engineered you into letting them come into the building and tailgate without using their badge. Social engineering is what lies at the heart of these types of attacks, of phishing emails, telephone scams, and things like that. Our tendency to trust. And in one context, that's a beautiful thing, because we wouldn't want everyone to be so jaded that we never trusted another person ever again. But we can't be trusting of everything either, because then everything falls. The attackers are always going to try to find that crack that they can exploit. And they keep changing their tactics. They keep changing different ways of doing this. Phishers originally used mostly just email. Now they've moved into other areas as well, in addition to email. They could do an SMS message to you. We call that, instead of phishing, we call that smishing. They could do phishing via voicemail. We call that vishing. There's even a new one called quishing, where they use QR codes.

This is a pseudo asks, "Are password managers safe?" If you're asking a security person, is it safe? The answer is no. I don't even have to know what the question was. The answer is it's not safe. Nothing is ever fully safe. Nothing is ever fully secure. Now, is it safe enough? It depends on which password manager you use and how you use it and where you put the password manager and how you get access to the password manager itself. Most of these password managers will require you to set a strong password that you type in once, and then that unlocks all the other passwords that it keeps in its storage. If you have a trivial password on your password manager, you have an unsafe system. So you need to have at least one really good password. And again, maybe use multifactor authentication so that it doesn't rely just on a password to get in. Let me tell you what's better than a password. If you're trying to make sure that no one steals your password, don't have one in the first place. And you say, "What does that mean? How? I don't get to choose that." Well, actually, you are more and more getting to choose a newer technology called passkeys. There's an organization called FIDO, Fast Identity Online, that came out with this standard. And passkeys sounds like the same kind of thing, password, passkey. It's actually very different. Passkeys use cryptographic techniques. You don't have to remember what the password is. You don't have to choose what the password is. You unlock your device. The passkey is a cryptographic key that's kept on your device and may or may not be synced with other devices that you have. It's relatively phishing resistant, if not almost impossible to phish, because it uses a challenge-response system. And all of this stuff happens under the covers. And the good news is password managers support both passwords, the good ones, and passkeys, so you don't have to choose.

Curious Brain 2781 asks, "How likely is it to catch a virus nowadays, assuming a standard up-to-date antivirus?" It's actually still very possible. We continue to see that certain types of malware proliferate. Thankfully, we've gotten a little better at this, but the problem is the game constantly keeps changing. So then we had to, as an industry, come out with things that were not just looking for a literal signature, that is, a string of bits that were in there in the particular malware itself, and that was the identifier. Now we're looking for things like behaviors, and if we're looking for those behaviors, maybe we're able to block these things more often. A lot of these viruses and malware will exploit different vulnerabilities in software. So that's why, as patching and updating of software levels has become more and more automated, we've been able to deal with a better defense than we had back in the day when these things were first coming out. Reboot your system every so often, because some viruses and malware are not able to survive across a reboot. So you'd like to get rid of those and clean things that way. But in general, use tools that can disinfect your system. That will help a lot.

Tyrone Bigums asks, "What hack has caused the most damage?" Depends on how you measure damage. Would it be financial damage? Would it be in terms of the number of systems that were affected? Would it be in terms of the number of lives that were impacted? Would it be in terms of the number of lives that were lost? There's a lot of different ways to look at this. There was one case where a ransomware instance happened at a hospital, and it caused the hospital systems to not be available, and they started redirecting emergency traffic to other hospitals. One person died during transport to a more distant hospital. So there's a case where indirectly ransomware cost a person their life.

At sector quadruple07 says, "But what is the CIA triad?" Well, CIA, if you talk to a cybersecurity person, probably doesn't mean Central Intelligence Agency, although it could. We think of this as one of the classical security teachings, and that really lies at the fundamentals of everything we do in cybersecurity. Everything in cybersecurity is about these three: confidentiality, integrity, and availability. So CIA, confidentiality, integrity, and availability, that's really everything we do in cybersecurity, is about doing those three things.

At gunlaze 1969 asks, "What was the name of the first computer virus?" Well, if you use the term virus in the larger sense of malware, I'm actually going to shift this question to refer to the first real example that the world came to know, and that was the Morris worm back in 1988. And that was where an MIT student came up with a way of planting a piece of software on a lot of different systems across the internet, and it spread automatically. That's what a worm does. It self-replicates. And it did this and got to 10% of the internet before it finally got shut down. So that was really the first one that made the world wake up to the fact that this stuff could actually have software that could do harm.

At Peter Burkehead asks, "How is it I never heard about phone phreaking?" It's an old attack. In the early days, when there really were not a lot of computers to break into, there was a phone system, and it was worldwide, and phone phreakers were the ones who tried to manipulate the phone system. And it was discovered that you could actually control the phone system, maybe even reconfigure the switch that's involved. You could get free long-distance phone calls. There's a lot of different things you could do. And you could do this because the phone systems used a specific tone in order to put them into a management control mode. That mode was triggered by a tone at 2600 hertz. So if you could whistle 2600 hertz or get a tone generator and hold it up to a phone, you could then take over the phone and maybe even penetrate into the system from that. It turned out that Captain Crunch, the cereal, came out with a toy prize, a whistle inside. And guess what? That whistle blew 2600 hertz. Now, Captain Crunch, I'm sure, had no idea that that's what was going to happen when they did that. They were just making a toy for kids. But the phone phreaker community learned about that pretty quickly, and they got all over that and bought up a lot of Captain Crunch boxes, and now they were able to go into payphones and get free phone calls. But you don't hear about it much now, because nobody really pays for long-distance phone calls.

Barrow Wolf asks, "What movie has the most realistic concept of hacking?" Sorry, movie industry. I'm not sure any of them have gotten it really all that right. How it works in the real world is not necessarily all that exciting to watch. It's often hours and hours of just mind-numbing activity of running different programs in the background until finally you trip onto something. It's not something that makes for a great spectator sport. So that's why you see the movies take liberties with this in order to make it a lot more interesting. I don't know if hackers ever actually say, "I'm in," but in every movie they certainly do. Okay, those are all the questions. Thanks for watching History of Hacking Support. [Music]

2025-05-26 02:59
